Hash checking mode fails if a package publishes a late built distribution #11692

n1ngu · 2023-01-03T18:49:16Z

Description

Given a former release of a project that did not initially include a built distribution for your target platform
When a built distribution is published days or years after a lockfile was generated
Then installation fails because the preferred built distribution does not match any of the hashes listed in the lockfile

E.g. see https://gitlab.com/doctormo/python-crontab/-/issues/103

python-crontab 2.6.0 was released on Oct 19th, 2021 but only a source .tar.gz distribution. On Dec 20th, 2022 a built .whl distribution was pushed for the same 2.6.0 version. Because the wheel is not discarded, installation fails.

So, for a wide timespan, the tarball hash was legitimately the only whitelisted hash for a bunch of people expecting reproducible installs.

While the case for python-crontab 2.6.0 is a bit extreme, being a lockfile-watching weirdo like me reveals the scenario is repeatedly happening because of ecosystem's adoption of new platform tags like musllinux and recent CPython versions.

Follow-up from pypa/pipenv#5550

Expected behavior

Discard the wheel and install the tarball that matches the hash. Generally speaking, discard any artifact not matching some of the hashes before choosing among them.

It turns out pip==22.2.2 handled this just fine!

pip version

22.3+

Python version

3.10.8

OS

linux

How to Reproduce

Given the following requirements.txt

python-crontab==2.6.0 --hash=sha256:1e35ed7a3cdc3100545b43e196d34754e6551e7f95e4caebbe0e1c0ca41c2f1b

Run

$ pip install -r requirements.txt -vv --no-deps --disable-pip-version-check  --no-cache-dir

Output

$ pip install -r requirements.txt -vv --no-deps --disable-pip-version-check  --no-cache-dir
Using pip 22.3.1 from /tmp/asdf/vvv/lib/python3.10/site-packages/pip (python 3.10)
Non-user install because user site-packages disabled
Created temporary directory: /tmp/pip-build-tracker-hd0a5xih
Initialized build tracking at /tmp/pip-build-tracker-hd0a5xih
Created build tracker: /tmp/pip-build-tracker-hd0a5xih
Entered build tracker: /tmp/pip-build-tracker-hd0a5xih
Created temporary directory: /tmp/pip-install-f4joly6p
Created temporary directory: /tmp/pip-ephem-wheel-cache-m3ad5n3l
1 location(s) to search for versions of python-crontab:
* https://pypi.org/simple/python-crontab/
Fetching project page and analyzing links: https://pypi.org/simple/python-crontab/
Getting page https://pypi.org/simple/python-crontab/
Found index url https://pypi.org/simple
Starting new HTTPS connection (1): pypi.org:443
https://pypi.org:443 "GET /simple/python-crontab/ HTTP/1.1" 200 6301
Fetched page https://pypi.org/simple/python-crontab/ as application/vnd.pypi.simple.v1+json
  Found link https://files.pythonhosted.org/packages/11/fe/05423c8aa7d569c13735a1b2e96b5635bde729a719456914c1c93cbaaaa9/python-crontab-0.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.5
  Found link https://files.pythonhosted.org/packages/1b/51/88c692ae57da0bc704d77be92688518749794397fb8beac1ff7cb0144e7f/python-crontab-0.7.linux-i686.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.7.linux-i686
  Found link https://files.pythonhosted.org/packages/f0/b8/8e90afb76740910d8c07300949b4d57244040da4e22ba08c500c836796bb/python-crontab-0.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.7
  Found link https://files.pythonhosted.org/packages/f0/63/6c032da34aea1e172dcf0cfd31bea70604627904c32a02f5d88a8f5ff69a/python-crontab-0.9.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.2
  Found link https://files.pythonhosted.org/packages/c2/39/9ac2b37395c11b50bf7624cd65cc2b29e48413a0915a86a530605790135d/python-crontab-0.9.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.4
  Found link https://files.pythonhosted.org/packages/7c/95/a90e942bcf645e1ecfd34f07056f38204b847c28d2923952415543d5b98b/python-crontab-0.9.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.5
  Found link https://files.pythonhosted.org/packages/ac/79/ba7f6e5439707f15e8df513301ffd81e13f15779bbcfef3318a7b55809a4/python-crontab-0.9.6.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.6
  Found link https://files.pythonhosted.org/packages/04/72/4d6976f725768de558761f93c34dcae5b1a10b7f20dc3ff256e59159d916/python-crontab-0.9.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.7
  Found link https://files.pythonhosted.org/packages/37/cb/439e25a13dc1e1ba1945a97d039cfb1b422e128220d4beb03862c514e6fd/python-crontab-1.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.0
  Found link https://files.pythonhosted.org/packages/36/2a/efe5439539814e04415c8e02047797ef0c7c04b1887c7a645b5efc9a59dc/python-crontab-1.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.1
  Found link https://files.pythonhosted.org/packages/18/78/6fcc6f595cfa09802b553fa08a67a9190ca4f68110969892ea717dad52e3/python-crontab-1.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.2
  Found link https://files.pythonhosted.org/packages/80/0c/6d1cb0cfad10b4f8dd9cfa07031b7fb9c3e97165c3bfb5400f53f7e7f747/python-crontab-1.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.3
  Found link https://files.pythonhosted.org/packages/88/1c/898a13b24e9ddb6baf2156ed00f96683f7857a97c4cb5b20cba9d07aafbe/python-crontab-1.3.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.3.2
  Found link https://files.pythonhosted.org/packages/d6/26/fc6a2fc1b7ca71c43a4c7c99141d01bdfd4e9c7933c2989bee5898544497/python-crontab-1.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4
  Found link https://files.pythonhosted.org/packages/35/39/2abf2f3919e54eade69b7140ec80bbe498ccb04a2028b898488edb8dc17d/python-crontab-1.4.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4.1
  Found link https://files.pythonhosted.org/packages/39/b6/2f54589e1bb5f999b97b73086b224d74349f203de96bc5c9da2ca3b38190/python-crontab-1.4.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4.3
  Found link https://files.pythonhosted.org/packages/2f/14/f175403cfc85f0158e09bd32139e6b47f9f312559dcb57f7ed8aa561bac9/python-crontab-1.4.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4.4
  Found link https://files.pythonhosted.org/packages/5a/49/4afc7b039fbca210a540fe7fd7937e25b8cd5ab8c3b69b38b0cf7a31828a/python-crontab-1.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.5
  Found link https://files.pythonhosted.org/packages/6b/31/5e39914b2fb55c625ce2610149229d0128384e24d2a6f2f6022bb170d167/python-crontab-1.5.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.5.1
  Found link https://files.pythonhosted.org/packages/a0/28/fcfd4bc96bea36d5bf78fa3379d98e51e75d59fed98bb680e264bc8f7c2c/python-crontab-1.6.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.6.0
  Found link https://files.pythonhosted.org/packages/e6/ec/11a4697f8633dd200302274814ae59e40ee7a16ed1e6b36f65448d0f36c1/python-crontab-1.7.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.0
  Found link https://files.pythonhosted.org/packages/52/ec/dfcdb64afa9eb2ee25746b34f3a33282eaa628a219fb1efdbfce90f8898b/python-crontab-1.7.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.1
  Found link https://files.pythonhosted.org/packages/f8/48/814de172993b93373ea3674454e36f5d59e406a69ed8ba1e31c2521d68d1/python-crontab-1.7.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.2
  Found link https://files.pythonhosted.org/packages/26/06/9b4bcb8436b5b1620053f11ce7c916dcc55f1fb3f706919b0ca5c641b1a3/python-crontab-1.7.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.3
  Found link https://files.pythonhosted.org/packages/14/f6/0de106e1a625454b720d91b228551b98a31899c841ab7ec7b29001619bb7/python-crontab-1.8.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8
  Found link https://files.pythonhosted.org/packages/0f/e8/8cb9095db821ea2ca937a6a99d39a5bd8b3b95e3312837214cb37b7a3273/python-crontab-1.8.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8.1
  Found link https://files.pythonhosted.org/packages/c3/20/f9f2f2b25d45a211e2d50bedadf5b3276dcd8de701b045e2f5a89879cba9/python-crontab-1.8.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8.2
  Found link https://files.pythonhosted.org/packages/d1/ae/3631fbc41b398328cdfb4c7109b3990b22dbc584fa5b07ac194b12b7527b/python-crontab-1.8.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8.3
  Found link https://files.pythonhosted.org/packages/19/21/2f0f09cb3f797321ad1577a6178c8eeabc4da00731eca97f08a2ab90fe87/python-crontab-1.9.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.0
  Found link https://files.pythonhosted.org/packages/9d/a3/bc2c30627614bf58819e5a1a5cbd6c9d0c43d2c8614822b4a88172916e7d/python-crontab-1.9.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.1
  Found link https://files.pythonhosted.org/packages/d7/af/295326acfbd7a1b0d6d9ed01e617456b9fc1cadd7c94fe455162ff56a197/python-crontab-1.9.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.2
  Found link https://files.pythonhosted.org/packages/39/0c/d0cb285074515bc51abdf73788716697cefd0f8c8ef652148c9834eb0e83/python-crontab-1.9.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.3
  Found link https://files.pythonhosted.org/packages/83/a4/467ee4e42b9417b6f279c1041da1368e6d09008766b5117457d969fb72f6/python-crontab-1.9.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.5
  Found link https://files.pythonhosted.org/packages/0e/de/2eec62f89f256ea3df856e0d72e5549df44f161a6804e974b1ee4b486f24/python-crontab-2.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.0
  Found link https://files.pythonhosted.org/packages/25/07/2d52009c54b328cb803e1edb3a38e4ef352463f6d5b21e70de627adae50b/python-crontab-2.0.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.0.1
  Found link https://files.pythonhosted.org/packages/70/19/7846723583108da608ea735d3125305b90ec37192319fe4b76e75469c21e/python-crontab-2.0.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.0.2
  Found link https://files.pythonhosted.org/packages/43/bd/3bfb19dd7c01d1a68894512be8e9a3f5924c6e5f9f2e931ef68270bfa81b/python-crontab-2.1.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.1.1
  Found link https://files.pythonhosted.org/packages/ae/28/56c771982473ef3947eaf91405e16f813dbfadc58fe99d6f15086af195fe/python-crontab-2.1.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.1.2
  Found link https://files.pythonhosted.org/packages/8f/0d/57c8d87934f424cc9cfde25c84e1cc46c40f2e9576f9d0c4d2fa6f73bc90/python-crontab-2.2.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.0
  Found link https://files.pythonhosted.org/packages/16/0f/d5bdfdbf88d0a2194628b858351b6ec14cb26fabb551d25b8b8681d3aed4/python-crontab-2.2.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.1
  Found link https://files.pythonhosted.org/packages/ab/03/86cd975a93fb36c174a7ee42e7dede91b471e1bbce0b45df1674a72bed1c/python-crontab-2.2.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.2
  Found link https://files.pythonhosted.org/packages/00/9c/fd5517e1b046d0ee0d5d7d9f2bc61c724d7bbed17a6f658b5ff57a1cb4bf/python-crontab-2.2.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.3
  Found link https://files.pythonhosted.org/packages/bb/eb/65603b7e76542d301bedea22bf46248ce964de6144550f626b68cb4156e0/python-crontab-2.2.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.4
  Found link https://files.pythonhosted.org/packages/2f/20/15c1e0a4456119b5142d9a4c78496e7a19289b29d279a9a6ecf3362aa31a/python-crontab-2.2.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.5
  Found link https://files.pythonhosted.org/packages/e7/b9/a650b9bb7783ec632e42d2dca975c9f9f31e6a63ebd51f97c819eb702997/python-crontab-2.2.6.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.6
  Found link https://files.pythonhosted.org/packages/c8/9c/ed693b55d7bc1cea6088ff9fd4384b86876a8842e266932371f3bdba6843/python-crontab-2.2.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.7
  Found link https://files.pythonhosted.org/packages/bd/03/c512ff706325f61a8788b2776ba5989507eb8606de64c3eafe8676dd06f0/python-crontab-2.2.8.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.8
  Found link https://files.pythonhosted.org/packages/12/02/42acd56201b75959641ef7074dce3e2a5d4ca8febbf4c66a9a1dd5bbd296/python-crontab-2.3.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.0
  Found link https://files.pythonhosted.org/packages/de/86/a58880667f4dcbf344d8c98c00f8eed521c645f9f5c4343a959c31931328/python-crontab-2.3.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.2
  Found link https://files.pythonhosted.org/packages/ee/6b/b0d70f6e424a373a0d6b8edabc0b3c1671dd1e16f0bd82c2fb560c468922/python-crontab-2.3.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.3
  Found link https://files.pythonhosted.org/packages/8e/e2/6161dfb3de975b87c645d1b676a8432122345776a83e9365bbff56a5be17/python-crontab-2.3.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.4
  Found link https://files.pythonhosted.org/packages/66/88/4f443440230dd28158bac16dcccd8c9834cee55845bf83e85550d2e389ac/python-crontab-2.3.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.5
  Found link https://files.pythonhosted.org/packages/2c/4f/60b3481b00af6cb91eb19bfb14ac518aebd268fa2a0cd3e21ba1687c4816/python-crontab-2.3.6.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.6
  Found link https://files.pythonhosted.org/packages/d1/ec/1ad8ed2ce92527ffa8b9bd29801803537f3eecf32445e25da95fa47f8895/python-crontab-2.3.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.7
  Found link https://files.pythonhosted.org/packages/a9/f1/96b7d9ad7b591908a5c9b02e4c7c6cb82425da7e2cd0a831815ca196046b/python-crontab-2.3.8.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.8
  Found link https://files.pythonhosted.org/packages/01/3f/e81716ba2592e7006c174251f70486b7e1d06abea80fe0c25a07d6527f5b/python-crontab-2.3.9.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.9
  Found link https://files.pythonhosted.org/packages/bc/03/852f9c5f8da7f58abce06fe8ae769cbcf6502f1c60684b16bad72ffcced3/python-crontab-2.4.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.4.0
  Found link https://files.pythonhosted.org/packages/09/b1/31d3ccf2ad3d4f7727b325ad7ea77d042e1939c5cacbf1d7478e391cca51/python-crontab-2.4.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.4.1
  Found link https://files.pythonhosted.org/packages/d1/c2/e92e801a0c504e62899d574a6d281d6e598861797c6798a664556d2bca8c/python-crontab-2.4.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.4.2
  Found link https://files.pythonhosted.org/packages/6b/ff/42c11cf843eedaff89c6ac5e65ab9935cb4af7bd13621708036ea8352d38/python-crontab-2.5.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.5.0
  Found link https://files.pythonhosted.org/packages/1b/7e/fb78b96de58a49b8ef807c321870ef4de3de5928fd71a40a400aed714310/python-crontab-2.5.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.5.1
  Found link https://files.pythonhosted.org/packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.6.0
  Found link https://files.pythonhosted.org/packages/8a/65/ee4f4db956d14b42aa6cf0dbd0b77217a206484b99f1d4aa11326cd3952a/python_crontab-2.6.0-py3-none-any.whl (from https://pypi.org/simple/python-crontab/), version: 2.6.0
  Found link https://files.pythonhosted.org/packages/88/ed/b680cf865be4f4066f2cd27898c6890f991c0d8d462ae2953398c11fa792/python-crontab-2.7.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.7.0
  Found link https://files.pythonhosted.org/packages/0c/15/abd4aa3c53e3bb2e7c480492e115d12a6e2c3974c57bb2cde1bead9a4d31/python_crontab-2.7.0-py3-none-any.whl (from https://pypi.org/simple/python-crontab/), version: 2.7.0
  Found link https://files.pythonhosted.org/packages/6a/b6/94d861e868698b8e3f288f7e4684e30535b0d9a6b38316ee0a3d4d31e6ae/python-crontab-2.7.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.7.1
  Found link https://files.pythonhosted.org/packages/9d/3b/8288af482e9ce777258ad234a497da22f36e4c36041da35b7648957eda37/python_crontab-2.7.1-py3-none-any.whl (from https://pypi.org/simple/python-crontab/), version: 2.7.1
Skipping link: not a file: https://pypi.org/simple/python-crontab/
Checked 2 links for project 'python-crontab' against 1 hashes (0 matches, 2 no digest): discarding no candidates
Collecting python-crontab==2.6.0
  Metadata-only fetching is not used as hash checking is required
  Created temporary directory: /tmp/pip-unpack-r_kxo9a4
  Starting new HTTPS connection (1): files.pythonhosted.org:443
  https://files.pythonhosted.org:443 "GET /packages/8a/65/ee4f4db956d14b42aa6cf0dbd0b77217a206484b99f1d4aa11326cd3952a/python_crontab-2.6.0-py3-none-any.whl HTTP/1.1" 200 25807
  Downloading python_crontab-2.6.0-py3-none-any.whl (25 kB)
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    python-crontab==2.6.0 from https://files.pythonhosted.org/packages/8a/65/ee4f4db956d14b42aa6cf0dbd0b77217a206484b99f1d4aa11326cd3952a/python_crontab-2.6.0-py3-none-any.whl (from -r reqs.txt (line 1)):
        Expected sha256 1e35ed7a3cdc3100545b43e196d34754e6551e7f95e4caebbe0e1c0ca41c2f1b
             Got        f308a64b8b1d072da4a235e9320398a242e92d080c1d8143bd0c600b24e160f8

Exception information:
Traceback (most recent call last):
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/cli/base_command.py", line 160, in exc_logging_wrapper
    status = run_func(*args)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/cli/req_command.py", line 247, in wrapper
    return func(self, options, args)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/commands/install.py", line 400, in run
    requirement_set = resolver.resolve(
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 92, in resolve
    result = self._result = resolver.resolve(
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_vendor/resolvelib/resolvers.py", line 481, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_vendor/resolvelib/resolvers.py", line 348, in resolve
    self._add_to_criteria(self.state.criteria, r, parent=None)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_vendor/resolvelib/resolvers.py", line 172, in _add_to_criteria
    if not criterion.candidates:
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_vendor/resolvelib/structs.py", line 151, in __bool__
    return bool(self._sequence)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 155, in __bool__
    return any(self)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 143, in <genexpr>
    return (c for c in iterator if id(c) not in self._incompatible_ids)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/found_candidates.py", line 47, in _iter_built
    candidate = func()
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/factory.py", line 206, in _make_candidate_from_link
    self._link_candidate_cache[link] = LinkCandidate(
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 297, in __init__
    super().__init__(
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 162, in __init__
    self.dist = self._prepare()
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 231, in _prepare
    dist = self._prepare_distribution()
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/resolution/resolvelib/candidates.py", line 308, in _prepare_distribution
    return preparer.prepare_linked_requirement(self._ireq, parallel_builds=True)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/operations/prepare.py", line 491, in prepare_linked_requirement
    return self._prepare_linked_requirement(req, parallel_builds)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/operations/prepare.py", line 536, in _prepare_linked_requirement
    local_file = unpack_url(
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/operations/prepare.py", line 166, in unpack_url
    file = get_http_url(
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/operations/prepare.py", line 109, in get_http_url
    hashes.check_against_path(from_path)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/utils/hashes.py", line 106, in check_against_path
    return self.check_against_file(file)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/utils/hashes.py", line 102, in check_against_file
    return self.check_against_chunks(read_chunks(file))
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/utils/hashes.py", line 91, in check_against_chunks
    self._raise(gots)
  File "/tmp/asdf/vvv/lib/python3.10/site-packages/pip/_internal/utils/hashes.py", line 94, in _raise
    raise HashMismatch(self._allowed, gots)
pip._internal.exceptions.HashMismatch: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    python-crontab==2.6.0 from https://files.pythonhosted.org/packages/8a/65/ee4f4db956d14b42aa6cf0dbd0b77217a206484b99f1d4aa11326cd3952a/python_crontab-2.6.0-py3-none-any.whl (from -r reqs.txt (line 1)):
        Expected sha256 1e35ed7a3cdc3100545b43e196d34754e6551e7f95e4caebbe0e1c0ca41c2f1b
             Got        f308a64b8b1d072da4a235e9320398a242e92d080c1d8143bd0c600b24e160f8

Removed build tracker: '/tmp/pip-build-tracker-hd0a5xih'

but for the previous pip==22.2.2

$ pip install -r requirements.txt -vv --no-deps --disable-pip-version-check  --no-cache-dir
Using pip 22.2.2 from /tmp/asdf/vvv/lib/python3.10/site-packages/pip (python 3.10)
Non-user install because user site-packages disabled
Created temporary directory: /tmp/pip-ephem-wheel-cache-xfm5uo10
Created temporary directory: /tmp/pip-build-tracker-1_1l4mrr
Initialized build tracking at /tmp/pip-build-tracker-1_1l4mrr
Created build tracker: /tmp/pip-build-tracker-1_1l4mrr
Entered build tracker: /tmp/pip-build-tracker-1_1l4mrr
Created temporary directory: /tmp/pip-install-midmv0o_
1 location(s) to search for versions of python-crontab:
* https://pypi.org/simple/python-crontab/
Fetching project page and analyzing links: https://pypi.org/simple/python-crontab/
Getting page https://pypi.org/simple/python-crontab/
Found index url https://pypi.org/simple
Starting new HTTPS connection (1): pypi.org:443
https://pypi.org:443 "GET /simple/python-crontab/ HTTP/1.1" 200 6301
Fetched page https://pypi.org/simple/python-crontab/ as application/vnd.pypi.simple.v1+json
  Found link https://files.pythonhosted.org/packages/11/fe/05423c8aa7d569c13735a1b2e96b5635bde729a719456914c1c93cbaaaa9/python-crontab-0.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.5
  Found link https://files.pythonhosted.org/packages/1b/51/88c692ae57da0bc704d77be92688518749794397fb8beac1ff7cb0144e7f/python-crontab-0.7.linux-i686.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.7.linux-i686
  Found link https://files.pythonhosted.org/packages/f0/b8/8e90afb76740910d8c07300949b4d57244040da4e22ba08c500c836796bb/python-crontab-0.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.7
  Found link https://files.pythonhosted.org/packages/f0/63/6c032da34aea1e172dcf0cfd31bea70604627904c32a02f5d88a8f5ff69a/python-crontab-0.9.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.2
  Found link https://files.pythonhosted.org/packages/c2/39/9ac2b37395c11b50bf7624cd65cc2b29e48413a0915a86a530605790135d/python-crontab-0.9.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.4
  Found link https://files.pythonhosted.org/packages/7c/95/a90e942bcf645e1ecfd34f07056f38204b847c28d2923952415543d5b98b/python-crontab-0.9.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.5
  Found link https://files.pythonhosted.org/packages/ac/79/ba7f6e5439707f15e8df513301ffd81e13f15779bbcfef3318a7b55809a4/python-crontab-0.9.6.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.6
  Found link https://files.pythonhosted.org/packages/04/72/4d6976f725768de558761f93c34dcae5b1a10b7f20dc3ff256e59159d916/python-crontab-0.9.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 0.9.7
  Found link https://files.pythonhosted.org/packages/37/cb/439e25a13dc1e1ba1945a97d039cfb1b422e128220d4beb03862c514e6fd/python-crontab-1.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.0
  Found link https://files.pythonhosted.org/packages/36/2a/efe5439539814e04415c8e02047797ef0c7c04b1887c7a645b5efc9a59dc/python-crontab-1.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.1
  Found link https://files.pythonhosted.org/packages/18/78/6fcc6f595cfa09802b553fa08a67a9190ca4f68110969892ea717dad52e3/python-crontab-1.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.2
  Found link https://files.pythonhosted.org/packages/80/0c/6d1cb0cfad10b4f8dd9cfa07031b7fb9c3e97165c3bfb5400f53f7e7f747/python-crontab-1.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.3
  Found link https://files.pythonhosted.org/packages/88/1c/898a13b24e9ddb6baf2156ed00f96683f7857a97c4cb5b20cba9d07aafbe/python-crontab-1.3.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.3.2
  Found link https://files.pythonhosted.org/packages/d6/26/fc6a2fc1b7ca71c43a4c7c99141d01bdfd4e9c7933c2989bee5898544497/python-crontab-1.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4
  Found link https://files.pythonhosted.org/packages/35/39/2abf2f3919e54eade69b7140ec80bbe498ccb04a2028b898488edb8dc17d/python-crontab-1.4.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4.1
  Found link https://files.pythonhosted.org/packages/39/b6/2f54589e1bb5f999b97b73086b224d74349f203de96bc5c9da2ca3b38190/python-crontab-1.4.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4.3
  Found link https://files.pythonhosted.org/packages/2f/14/f175403cfc85f0158e09bd32139e6b47f9f312559dcb57f7ed8aa561bac9/python-crontab-1.4.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.4.4
  Found link https://files.pythonhosted.org/packages/5a/49/4afc7b039fbca210a540fe7fd7937e25b8cd5ab8c3b69b38b0cf7a31828a/python-crontab-1.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.5
  Found link https://files.pythonhosted.org/packages/6b/31/5e39914b2fb55c625ce2610149229d0128384e24d2a6f2f6022bb170d167/python-crontab-1.5.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.5.1
  Found link https://files.pythonhosted.org/packages/a0/28/fcfd4bc96bea36d5bf78fa3379d98e51e75d59fed98bb680e264bc8f7c2c/python-crontab-1.6.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.6.0
  Found link https://files.pythonhosted.org/packages/e6/ec/11a4697f8633dd200302274814ae59e40ee7a16ed1e6b36f65448d0f36c1/python-crontab-1.7.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.0
  Found link https://files.pythonhosted.org/packages/52/ec/dfcdb64afa9eb2ee25746b34f3a33282eaa628a219fb1efdbfce90f8898b/python-crontab-1.7.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.1
  Found link https://files.pythonhosted.org/packages/f8/48/814de172993b93373ea3674454e36f5d59e406a69ed8ba1e31c2521d68d1/python-crontab-1.7.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.2
  Found link https://files.pythonhosted.org/packages/26/06/9b4bcb8436b5b1620053f11ce7c916dcc55f1fb3f706919b0ca5c641b1a3/python-crontab-1.7.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.7.3
  Found link https://files.pythonhosted.org/packages/14/f6/0de106e1a625454b720d91b228551b98a31899c841ab7ec7b29001619bb7/python-crontab-1.8.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8
  Found link https://files.pythonhosted.org/packages/0f/e8/8cb9095db821ea2ca937a6a99d39a5bd8b3b95e3312837214cb37b7a3273/python-crontab-1.8.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8.1
  Found link https://files.pythonhosted.org/packages/c3/20/f9f2f2b25d45a211e2d50bedadf5b3276dcd8de701b045e2f5a89879cba9/python-crontab-1.8.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8.2
  Found link https://files.pythonhosted.org/packages/d1/ae/3631fbc41b398328cdfb4c7109b3990b22dbc584fa5b07ac194b12b7527b/python-crontab-1.8.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.8.3
  Found link https://files.pythonhosted.org/packages/19/21/2f0f09cb3f797321ad1577a6178c8eeabc4da00731eca97f08a2ab90fe87/python-crontab-1.9.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.0
  Found link https://files.pythonhosted.org/packages/9d/a3/bc2c30627614bf58819e5a1a5cbd6c9d0c43d2c8614822b4a88172916e7d/python-crontab-1.9.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.1
  Found link https://files.pythonhosted.org/packages/d7/af/295326acfbd7a1b0d6d9ed01e617456b9fc1cadd7c94fe455162ff56a197/python-crontab-1.9.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.2
  Found link https://files.pythonhosted.org/packages/39/0c/d0cb285074515bc51abdf73788716697cefd0f8c8ef652148c9834eb0e83/python-crontab-1.9.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.3
  Found link https://files.pythonhosted.org/packages/83/a4/467ee4e42b9417b6f279c1041da1368e6d09008766b5117457d969fb72f6/python-crontab-1.9.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 1.9.5
  Found link https://files.pythonhosted.org/packages/0e/de/2eec62f89f256ea3df856e0d72e5549df44f161a6804e974b1ee4b486f24/python-crontab-2.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.0
  Found link https://files.pythonhosted.org/packages/25/07/2d52009c54b328cb803e1edb3a38e4ef352463f6d5b21e70de627adae50b/python-crontab-2.0.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.0.1
  Found link https://files.pythonhosted.org/packages/70/19/7846723583108da608ea735d3125305b90ec37192319fe4b76e75469c21e/python-crontab-2.0.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.0.2
  Found link https://files.pythonhosted.org/packages/43/bd/3bfb19dd7c01d1a68894512be8e9a3f5924c6e5f9f2e931ef68270bfa81b/python-crontab-2.1.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.1.1
  Found link https://files.pythonhosted.org/packages/ae/28/56c771982473ef3947eaf91405e16f813dbfadc58fe99d6f15086af195fe/python-crontab-2.1.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.1.2
  Found link https://files.pythonhosted.org/packages/8f/0d/57c8d87934f424cc9cfde25c84e1cc46c40f2e9576f9d0c4d2fa6f73bc90/python-crontab-2.2.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.0
  Found link https://files.pythonhosted.org/packages/16/0f/d5bdfdbf88d0a2194628b858351b6ec14cb26fabb551d25b8b8681d3aed4/python-crontab-2.2.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.1
  Found link https://files.pythonhosted.org/packages/ab/03/86cd975a93fb36c174a7ee42e7dede91b471e1bbce0b45df1674a72bed1c/python-crontab-2.2.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.2
  Found link https://files.pythonhosted.org/packages/00/9c/fd5517e1b046d0ee0d5d7d9f2bc61c724d7bbed17a6f658b5ff57a1cb4bf/python-crontab-2.2.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.3
  Found link https://files.pythonhosted.org/packages/bb/eb/65603b7e76542d301bedea22bf46248ce964de6144550f626b68cb4156e0/python-crontab-2.2.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.4
  Found link https://files.pythonhosted.org/packages/2f/20/15c1e0a4456119b5142d9a4c78496e7a19289b29d279a9a6ecf3362aa31a/python-crontab-2.2.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.5
  Found link https://files.pythonhosted.org/packages/e7/b9/a650b9bb7783ec632e42d2dca975c9f9f31e6a63ebd51f97c819eb702997/python-crontab-2.2.6.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.6
  Found link https://files.pythonhosted.org/packages/c8/9c/ed693b55d7bc1cea6088ff9fd4384b86876a8842e266932371f3bdba6843/python-crontab-2.2.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.7
  Found link https://files.pythonhosted.org/packages/bd/03/c512ff706325f61a8788b2776ba5989507eb8606de64c3eafe8676dd06f0/python-crontab-2.2.8.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.2.8
  Found link https://files.pythonhosted.org/packages/12/02/42acd56201b75959641ef7074dce3e2a5d4ca8febbf4c66a9a1dd5bbd296/python-crontab-2.3.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.0
  Found link https://files.pythonhosted.org/packages/de/86/a58880667f4dcbf344d8c98c00f8eed521c645f9f5c4343a959c31931328/python-crontab-2.3.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.2
  Found link https://files.pythonhosted.org/packages/ee/6b/b0d70f6e424a373a0d6b8edabc0b3c1671dd1e16f0bd82c2fb560c468922/python-crontab-2.3.3.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.3
  Found link https://files.pythonhosted.org/packages/8e/e2/6161dfb3de975b87c645d1b676a8432122345776a83e9365bbff56a5be17/python-crontab-2.3.4.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.4
  Found link https://files.pythonhosted.org/packages/66/88/4f443440230dd28158bac16dcccd8c9834cee55845bf83e85550d2e389ac/python-crontab-2.3.5.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.5
  Found link https://files.pythonhosted.org/packages/2c/4f/60b3481b00af6cb91eb19bfb14ac518aebd268fa2a0cd3e21ba1687c4816/python-crontab-2.3.6.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.6
  Found link https://files.pythonhosted.org/packages/d1/ec/1ad8ed2ce92527ffa8b9bd29801803537f3eecf32445e25da95fa47f8895/python-crontab-2.3.7.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.7
  Found link https://files.pythonhosted.org/packages/a9/f1/96b7d9ad7b591908a5c9b02e4c7c6cb82425da7e2cd0a831815ca196046b/python-crontab-2.3.8.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.8
  Found link https://files.pythonhosted.org/packages/01/3f/e81716ba2592e7006c174251f70486b7e1d06abea80fe0c25a07d6527f5b/python-crontab-2.3.9.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.3.9
  Found link https://files.pythonhosted.org/packages/bc/03/852f9c5f8da7f58abce06fe8ae769cbcf6502f1c60684b16bad72ffcced3/python-crontab-2.4.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.4.0
  Found link https://files.pythonhosted.org/packages/09/b1/31d3ccf2ad3d4f7727b325ad7ea77d042e1939c5cacbf1d7478e391cca51/python-crontab-2.4.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.4.1
  Found link https://files.pythonhosted.org/packages/d1/c2/e92e801a0c504e62899d574a6d281d6e598861797c6798a664556d2bca8c/python-crontab-2.4.2.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.4.2
  Found link https://files.pythonhosted.org/packages/6b/ff/42c11cf843eedaff89c6ac5e65ab9935cb4af7bd13621708036ea8352d38/python-crontab-2.5.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.5.0
  Found link https://files.pythonhosted.org/packages/1b/7e/fb78b96de58a49b8ef807c321870ef4de3de5928fd71a40a400aed714310/python-crontab-2.5.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.5.1
  Found link https://files.pythonhosted.org/packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.6.0
  Found link https://files.pythonhosted.org/packages/8a/65/ee4f4db956d14b42aa6cf0dbd0b77217a206484b99f1d4aa11326cd3952a/python_crontab-2.6.0-py3-none-any.whl (from https://pypi.org/simple/python-crontab/), version: 2.6.0
  Found link https://files.pythonhosted.org/packages/88/ed/b680cf865be4f4066f2cd27898c6890f991c0d8d462ae2953398c11fa792/python-crontab-2.7.0.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.7.0
  Found link https://files.pythonhosted.org/packages/0c/15/abd4aa3c53e3bb2e7c480492e115d12a6e2c3974c57bb2cde1bead9a4d31/python_crontab-2.7.0-py3-none-any.whl (from https://pypi.org/simple/python-crontab/), version: 2.7.0
  Found link https://files.pythonhosted.org/packages/6a/b6/94d861e868698b8e3f288f7e4684e30535b0d9a6b38316ee0a3d4d31e6ae/python-crontab-2.7.1.tar.gz (from https://pypi.org/simple/python-crontab/), version: 2.7.1
  Found link https://files.pythonhosted.org/packages/9d/3b/8288af482e9ce777258ad234a497da22f36e4c36041da35b7648957eda37/python_crontab-2.7.1-py3-none-any.whl (from https://pypi.org/simple/python-crontab/), version: 2.7.1
Skipping link: not a file: https://pypi.org/simple/python-crontab/
Checked 2 links for project 'python-crontab' against 1 hashes (1 matches, 0 no digest): discarding 1 non-matches:
  https://files.pythonhosted.org/packages/8a/65/ee4f4db956d14b42aa6cf0dbd0b77217a206484b99f1d4aa11326cd3952a/python_crontab-2.6.0-py3-none-any.whl (from https://pypi.org/simple/python-crontab/)
Collecting python-crontab==2.6.0
  Created temporary directory: /tmp/pip-unpack-scrv3ffv
  Starting new HTTPS connection (1): files.pythonhosted.org:443
  https://files.pythonhosted.org:443 "GET /packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz HTTP/1.1" 200 55325
  Downloading python-crontab-2.6.0.tar.gz (55 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 55.3/55.3 kB 3.0 MB/s eta 0:00:00
  Added python-crontab==2.6.0 from https://files.pythonhosted.org/packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz (from -r reqs.txt (line 1)) to build tracker '/tmp/pip-build-tracker-1_1l4mrr'
  Running setup.py (path:/tmp/pip-install-midmv0o_/python-crontab_a98be087751247caa3c0903990619f69/setup.py) egg_info for package python-crontab
  Created temporary directory: /tmp/pip-pip-egg-info-repfqwth
  Preparing metadata (setup.py): started
  Running command python setup.py egg_info
  /tmp/asdf/vvv/lib/python3.10/site-packages/setuptools/_distutils/dist.py:257: UserWarning: Unknown distribution option: 'release'
    warnings.warn(msg)
  running egg_info
  creating /tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info
  writing /tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info/PKG-INFO
  writing dependency_links to /tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info/dependency_links.txt
  writing requirements to /tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info/requires.txt
  writing top-level names to /tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info/top_level.txt
  writing manifest file '/tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info/SOURCES.txt'
  reading manifest file '/tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info/SOURCES.txt'
  reading manifest template 'MANIFEST.in'
  adding license file 'COPYING'
  adding license file 'AUTHORS'
  writing manifest file '/tmp/pip-pip-egg-info-repfqwth/python_crontab.egg-info/SOURCES.txt'
  Preparing metadata (setup.py): finished with status 'done'
  Source in /tmp/pip-install-midmv0o_/python-crontab_a98be087751247caa3c0903990619f69 has version 2.6.0, which satisfies requirement python-crontab==2.6.0 from https://files.pythonhosted.org/packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz (from -r reqs.txt (line 1))
  Removed python-crontab==2.6.0 from https://files.pythonhosted.org/packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz (from -r reqs.txt (line 1)) from build tracker '/tmp/pip-build-tracker-1_1l4mrr'
Created temporary directory: /tmp/pip-unpack-znqkfq91
Using legacy 'setup.py install' for python-crontab, since package 'wheel' is not installed.
Installing collected packages: python-crontab
  Created temporary directory: /tmp/pip-record-wngtnb0r
  Running setup.py install for python-crontab: started
  Running command Running setup.py install for python-crontab
  /tmp/asdf/vvv/lib/python3.10/site-packages/setuptools/_distutils/dist.py:257: UserWarning: Unknown distribution option: 'release'
    warnings.warn(msg)
  running install
  /tmp/asdf/vvv/lib/python3.10/site-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools.
    warnings.warn(
  running build
  running build_py
  creating build
  creating build/lib
  copying crontab.py -> build/lib
  copying crontabs.py -> build/lib
  copying cronlog.py -> build/lib
  running install_lib
  copying build/lib/cronlog.py -> /tmp/asdf/vvv/lib/python3.10/site-packages
  copying build/lib/crontabs.py -> /tmp/asdf/vvv/lib/python3.10/site-packages
  copying build/lib/crontab.py -> /tmp/asdf/vvv/lib/python3.10/site-packages
  byte-compiling /tmp/asdf/vvv/lib/python3.10/site-packages/cronlog.py to cronlog.cpython-310.pyc
  byte-compiling /tmp/asdf/vvv/lib/python3.10/site-packages/crontabs.py to crontabs.cpython-310.pyc
  byte-compiling /tmp/asdf/vvv/lib/python3.10/site-packages/crontab.py to crontab.cpython-310.pyc
  running install_egg_info
  running egg_info
  writing python_crontab.egg-info/PKG-INFO
  writing dependency_links to python_crontab.egg-info/dependency_links.txt
  writing requirements to python_crontab.egg-info/requires.txt
  writing top-level names to python_crontab.egg-info/top_level.txt
  reading manifest file 'python_crontab.egg-info/SOURCES.txt'
  reading manifest template 'MANIFEST.in'
  adding license file 'COPYING'
  adding license file 'AUTHORS'
  writing manifest file 'python_crontab.egg-info/SOURCES.txt'
  Copying python_crontab.egg-info to /tmp/asdf/vvv/lib/python3.10/site-packages/python_crontab-2.6.0-py3.10.egg-info
  running install_scripts
  writing list of installed files to '/tmp/pip-record-wngtnb0r/install-record.txt'
  Running setup.py install for python-crontab: finished with status 'done'
Successfully installed python-crontab-2.6.0
Removed build tracker: '/tmp/pip-build-tracker-1_1l4mrr'

Code of Conduct

I agree to follow the PSF Code of Conduct.

The text was updated successfully, but these errors were encountered:

n1ngu · 2023-01-03T19:00:57Z

For the record, using PIP_NO_BINARY=python-crontab is a known workaround to manually fix the artifact selection.

uranusjr · 2023-01-04T08:37:25Z

There ia already #5874 so apparently something broke.

uranusjr · 2023-01-04T08:50:12Z

Ah, bad03ef implemented hash-population incorrectly, so Links fetched from JSON are missing hashes.

Edit: On further inspection, the error is not in that commit, but much earlier, likely when we introduced JSON support.

sbidoul · 2023-01-04T09:20:28Z

Does #11538 fix this?

n1ngu · 2023-01-04T09:40:24Z

Does #11538 fix this?

Just installed pip install git+https://github.com/cboylan/pip.git@stable-wheel-cache and I can confirm it fixes my reproduction steps.

Checked 2 links for project 'python-crontab' against 1 hashes (1 matches, 0 no digest): discarding 1 non-matches:
  https://files.pythonhosted.org/packages/8a/65/ee4f4db956d14b42aa6cf0dbd0b77217a206484b99f1d4aa11326cd3952a/python_crontab-2.6.0-py3-none-any.whl (from https://pypi.org/simple/python-crontab/)
Collecting python-crontab==2.6.0
  Metadata-only fetching is not used as hash checking is required
  Created temporary directory: /tmp/pip-unpack-o3p3uldy
  Starting new HTTPS connection (1): files.pythonhosted.org:443
  https://files.pythonhosted.org:443 "GET /packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz HTTP/1.1" 200 55325
  Downloading python-crontab-2.6.0.tar.gz (55 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 55.3/55.3 kB 5.2 MB/s eta 0:00:00
  Added python-crontab==2.6.0 from https://files.pythonhosted.org/packages/06/b0/c270a1b5c83d9e0f83ab654d3153c39d80f61ba49fefde50fd23ab351381/python-crontab-2.6.0.tar.gz (from -r reqs.txt (line 1)) to build tracker '/tmp/pip-build-tracker-c1y5gtet'
  Running setup.py (path:/tmp/pip-install-55wil301/python-crontab_e9af141ca9704fb0bd6ba9b5f1f42d9f/setup.py) egg_info for package python-crontab
.....

n1ngu added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Jan 3, 2023

n1ngu changed the title ~~Installation fails if a package publishes a late built distribution~~ Hash checking mode fails if a package publishes a late built distribution Jan 3, 2023

n1ngu mentioned this issue Jan 3, 2023

Installation fails if a package publishes a late built distribution pypa/pipenv#5550

Closed

uranusjr self-assigned this Jan 4, 2023

n1ngu mentioned this issue Jan 4, 2023

Restore pre 22.3 wheel cache pathing #11538

Closed

sbidoul added this to the 23.0 milestone Jan 4, 2023

uranusjr removed their assignment Jan 4, 2023

This was referenced Jan 4, 2023

Merge link_hash back into _hashes #11696

Merged

Test and news for wheel cache restoration #11713

Merged

pradyunsg closed this as completed in #11713 Jan 9, 2023

pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Jan 28, 2023

github-actions bot locked as resolved and limited conversation to collaborators Feb 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hash checking mode fails if a package publishes a late built distribution #11692

Hash checking mode fails if a package publishes a late built distribution #11692

n1ngu commented Jan 3, 2023

n1ngu commented Jan 3, 2023

uranusjr commented Jan 4, 2023

uranusjr commented Jan 4, 2023 •

edited

Loading

sbidoul commented Jan 4, 2023

n1ngu commented Jan 4, 2023

Hash checking mode fails if a package publishes a late built distribution #11692

Hash checking mode fails if a package publishes a late built distribution #11692

Comments

n1ngu commented Jan 3, 2023

Description

Expected behavior

pip version

Python version

OS

How to Reproduce

Output

Code of Conduct

n1ngu commented Jan 3, 2023

uranusjr commented Jan 4, 2023

uranusjr commented Jan 4, 2023 • edited Loading

sbidoul commented Jan 4, 2023

n1ngu commented Jan 4, 2023

uranusjr commented Jan 4, 2023 •

edited

Loading